Cyware Daily Threat Intelligence, August 06, 2020

Share Blog post

With each passing year, the cyber threat landscape continues to grow as researchers discover new security vulnerabilities that can potentially affect both individuals and organizations. This year’s Black Hat conference witnessed the discovery of several new security attacks that can be used against corporate networks. Two of these new attacks are EtherOops and four variants of HTTP Request Smuggling. While EtherOops attack leverages faulty Ethernet cables, the four variants of HTTP Request Smuggling work against various commercial off-the-shelf web servers and HTTP proxy servers.

Other than newly discovered attack techniques, the past 24 hours also saw the rampage of Maze ransomware. This time, the attackers targeted the leading camera maker, Canon, and claimed to steal nearly 10 TB of data from the company. Additionally, a total of 24 domains of Canon are also affected in the incident.

Top Breaches Reported in the Last 24 Hours

Canon hit
Canon has allegedly lost 10 TB data following an attack from Maze ransomware. The incident had occurred on August 5 and has affected a total of 24 Canon domains including canonhelp.com.

ProctorU breached
A data security breach at ProctorU has affected confidential data of users registered with the service. The incident has impacted many universities around Australia that used ProctorU for online exam monitoring purposes.

Colorado city pays ransom
The City of Lafayette, Colorado has paid a ransom of $45,000 to recover from a ransomware attack that affected the city’s emails, phones, online payments, and reservation systems. However, the City had asserted that no credit card information was affected by the incident.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft patches Teams
A security flaw affecting the Microsoft Teams Updater can enable attackers to plant and run malicious payloads. It can be exploited by using a Living Off the Land attack technique.

New EtherOops attack
Security researchers have demonstrated a new EtherOops attack that can be used to bypass network defenses and target devices located inside corporate networks. The technique works only if the targeted network contains faulty Ethernet cables.

Spoofing traffic signals
Traffic signals integrated with apps like Schwung and CrossCycle can be hacked to give wrong traffic data to drivers. Researchers have disclosed this fact in a pilot project carried out across various cities in the Netherlands. The hack is possible by injecting spoofed data into the apps.

New variants of HTTP attacks
A researcher has identified four new variants of HTTP request smuggling attacks that work against various commercial off-the-shelf web servers and HTTP proxy servers. The name of the four variants is ‘Header SP/CR junk’, ‘Wait for It’, ‘HTTP/1.2 to bypass mod_security-like defense’, and ‘a plain solution’. These attacks can enable the hijack of credentials and the injection of responses to users.

UltraLoq vulnerability fixed
A misconfiguration error and other security flaws in U-Tec UltraLoq could have allowed attackers to steal unlock tokens using a Mac address. The findings were discovered in November 2019 and were fixed immediately by the company.

Vulnerable SAP Solution Manager
A set of vulnerabilities in SAP Solution Manager (SolMan) can be exploited to obtain root access to enterprise servers. The flaws are tracked as CVE-2020-6207, CVE-2020-6234, and CVE-2020-6236, and patches are available for all three.

Flawed temi robot
Four vulnerabilities in temi robot can be abused by malicious actors to spy on private video calls, and even remotely operate the robot. The four vulnerabilities include the use of hard-coded credentials (CVE-2020-16170), an origin validation error (CVE-2020-16168), missing authentication for critical function (CVE-2020-16167), and an authentication bypass issue (CVE-2020-16169).

Hacking Mac devices
A now-fixed exploit in the macOS version of Microsoft Office would have allowed attackers to hack a Mac device just by taking advantage of macros in Microsoft Office. The hack was possible by creating a file with an old SLK file format.

Vulnerable Bluetooth protocol 
In the Black Hat 2020 conference, researchers have demonstrated that Android devices can be targeted through a zero-day vulnerability in Bluetooth protocol. This can allow attackers to steal sensitive information like contacts, call history, and SMS verification codes from the phones.

Twitter fixes a flaw in the Android app
Twitter has informed its customers that a flaw in its Android app have been exploited by malicious applications to access users’ private data. Following the incident, the firm has updated the app to prevent external applications from accessing Twitter data.


 Tags

bluetooth protocol
http attacks
temi robot
ultraloq
sap solution manager solman

Posted on: August 06, 2020

Get the Daily Threat Briefing delivered to your email!


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.


Join Thousands of Other Cyware Followers!